This applies to only customers with Network Decoders deployed. Mapping of system parsers to Lua parsers. System parsers are typically better performance, however, Lua parsers typically extract more metadata.
| System Parser | Lua Parser Equivalent | Notes |
|---|---|---|
| AIM | AIM_lua | AIM system parser was removed in favor of the AIM_lua Lua parser. |
| ALERTS | None | This parser enables or disables the application rules. If you disable it entirely, the rules are not evaluated at all. If you disable the keys, they are evaluated, but the that key won’t be registered. |
| DHCP | DHCP_lua |
|
| DNS | DNS_verbose_lua |
|
| FeedParser | None | This parser enables or disables the feeds. If you disable it entirely, feeds are not evaluated at all. If you disable a key, feeds are evaluated, but meta going to that key from a feed won't be registered. |
| FTP | FTP_lua |
|
| GeoIP | None | Geographic data based on source and destination information (ip.src, ip.dst, country.src, country.dst, city.src, city.dst) that may be helpful during investigations and writing content for alerting. |
| Gtalk | None |
|
| H323 | None |
|
| HTTP | HTTP_lua |
|
| HTTPS | TLS_lua |
|
| IRC | IRC_verbose_lua |
|
| LotusNotes | None | Obsolete |
| | MAIL_lua |
|
| MSN | None | Obsolete |
| Net2Phone | None | Obsolete |
| NETBIOS | NetBIOS_lua |
|
| NETWORK | None | Network Layer parser is required to extract basic information about the session such as the service, IPs, ports and payload |
| NFS | NFS_lua |
|
| NNTP | None |
|
| PGP | None |
|
| POP3 | POP3_lua |
|
| RIP | ripng_lua |
|
| RTP | None |
|
| SAMETIME | None | Obsolete |
| SCCP | SCCP_lua |
|
| SEARCH | None | Enables search.ini. If you disable it entirely, regular expressions in search.ini will not be evaluated nor generate meta. |
| SIP | SIP_lua |
|
| SMB | SMB_lua |
|
| SMIME | None |
|
| SMTP | SMTP_lua |
|
| SNMP | SNMP_lua |
|
| Snort | None | Enables evaluation of snort signatures. If you disable this entirely, snort signatures will not be evaluated nor generate meta. |
| SSH | SSH_lua |
|
| TDS | TDS_lua |
|
| TELNET | None |
|
| TFTP | TFTP_lua |
|
| TNS | None |
|
| VCARD | vCard_lua |
|
| VlanGre | None | This is an extension of the NETWORK parser. It is required to extract information about VLAN tags and GRE endpoints. |
| WEBMAIL | None | Obsolete |
| WLAN | None | This is an extension of the NETWORK parser. It is required to extract information about WiFi networks. |
| YCHAT | None | Obsolete |
| YMSG | None | Obsolete |
